Under Pressure: Balancing Privacy Breach Notification with Incident Response

Presented at ShmooCon 2023, Jan. 22, 2023, 11 a.m. (60 minutes)

There is an inherent tension between incident response and reporting requirements. This tension is well-highlighted in the realm of privacy breach regulations, where, depending on the location and regulation, reporting may be required in as few as two hours after discovery of a potential breach.

This talk will discuss the tension between the need to move quickly and quietly during the early stages of IR and the right of affected persons to know that their information has been accessed. The framework for the discussion will be state and federal privacy laws proposed and enacted in 2022, with an eye toward potential trends and hot topics going forward.

Presenters:

• Kelly Ohlert
  Kelly Ohlert (@gwyddia) is passionate about bringing the best of tabletop roleplaying games into high-level security tabletop simulations. She’s designed and facilitated single-scenario and multi-table games for companies ranging from VC-stage startups to multi-billion-dollar megacorps, and for audiences including both the information security and indie RPG game spaces. Kelly serves as staff counsel for BSides Las Vegas and will speak anywhere people will listen.

Similar Presentations:

• BSides Austin 2018 / Inside a Breach: Lesson Learned
• DeepSec 2018 „I like to mov &6974,%bx“ / Blinding the Watchers: The Growing Tension between Privacy Concerns and Information Security
• GrrCON 2014 / Breach Stains